Hi! I have been struggling with exploits for half a year and studying how to get around them, or reduce the likelihood of an exploit.
What I will tell you below is my experience in dealing with exploits; I think it will help some people.
When an exploiter is in the game, they can change their walk speed from the normal 16 to 50, but the server will not notice, because the speed was changed on the client side and not on the server side.
Here is an example of such an event:
- If we change the speed on the client side, the server side will simply not notice it; if we change the speed on the server side, the server will notice it.
Also, if the player changes their speed on the client side, the other players will see that the player is walking fast, but the server will not notice this:
- The two examples above use only one script, without changes:
```lua
local maxSpeed = 50

game.Players.PlayerAdded:Connect(function(plr)
	local PrevSpeed = nil
	local CurrentSpeed = nil
	-- Wait until the player's character has spawned
	while (plr.Character == nil) do
		wait(1)
	end
	CurrentSpeed = plr.Character.Humanoid.WalkSpeed
	-- This signal fires only for WalkSpeed changes the server can see;
	-- a change made on the client side never reaches it.
	plr.Character.Humanoid:GetPropertyChangedSignal("WalkSpeed"):Connect(function()
		local Speed = plr.Character.Humanoid.WalkSpeed
		if Speed > maxSpeed then
			warn("Player walk speed hack detected! Previous Speed: ", CurrentSpeed, ", Current Speed: ", Speed)
		end
		PrevSpeed = CurrentSpeed
		CurrentSpeed = Speed
	end)
end)
```
Also, I do not advise automatically banning players in your game for exploiting, because if any error occurs in the anti-exploit script, the server will ban an innocent player. Instead, for example, instantly kill the player [Player.Character.Humanoid.Health=0] when the client does something suspicious, or kick them [Player:Kick("\nHere must be reason of kicking")].
If you create an anti-exploit in a server script and it checks player values (for example: WalkSpeed, HumanoidStateType, JumpHeight), it will be useless, because there is no way to check them. Even if you do it in a local script, the exploiter can simply disable or remove the local script. If you still want to do it in a local script, read below.
Here is an example in which, if the client script finds an object that is only visible on the client side, the player is killed immediately:
- The video contains one local script, one server script, a remote event and a remote function
- The remote event and the remote function are located in ReplicatedStorage (remote event name: ‘CheckAdd’ | remote function name: ‘CheckScript’)
- The local script is located in StarterPlayerScripts
- The server script is located in ServerScriptService
Local script:
```lua
local Event = game.ReplicatedStorage.CheckAdd
local Checker = game.ReplicatedStorage.CheckScript
local Player = game.Players.LocalPlayer

Player.CharacterAdded:Connect(function()
	wait(5)
	Player.Character.DescendantAdded:Connect(function(child)
		Event:FireServer(child)
	end)
end)

Checker.OnClientInvoke = function()
	return "True"
end
```
Server script:
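```lua
local Checker = game.ReplicatedStorage.CheckScript
local Event = game.ReplicatedStorage.CheckAdd

Event.OnServerEvent:Connect(function(plr, child)
	local character = plr.Character
	if not character then
		return -- no character to check (e.g. the player is respawning)
	end
	-- An instance that exists only on the client arrives here as nil,
	-- so it will never match one of the server-side descendants.
	local tool = false
	for i, v in pairs(character:GetDescendants()) do
		if v == child then
			tool = true
		end
	end
	if tool then
		warn("tool was added from server side")
	else
		character.Humanoid.Health = 0
		warn("tool was added from client side")
	end
end)

while wait(5) do -- This loop checks every player for removal of the anti-exploit script
	for i, v in pairs(game.Players:GetPlayers()) do
		-- One thread per player: InvokeClient yields until the client returns,
		-- so a client that never answers must not stall the checks for everyone else.
		task.spawn(function()
			local suc, s = pcall(function()
				if Checker:InvokeClient(v) ~= "True" then -- anything other than "True" gets the player kicked
					v:Kick("\nDon't Exploiting!")
				end
			end)
			if not suc then -- :InvokeClient() raised an error
				v:Kick("\nDon't Exploiting!")
			end
		end)
	end
end
```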
- The two scripts above are just an example and only cover suspicious changes in the player's Character, using DescendantAdded, but you can try it.
If the exploiter tries to change, delete or disable the script, the server will immediately kick them.
I hope this will help some people with exploits in their games.
My coding experience is a year and a half, so I may have made a mistake somewhere; if you find an error in the post, correct me.
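
The server cannot see a WalkSpeed changed on the client, but it does see where the character actually moves. The script below is an added example, not part of the original post: a server Script that measures horizontal distance travelled per interval and compares it with the server's own WalkSpeed value. The constants, the strike counter and the `watch` and `horizontal` helpers are assumptions made for the example, and it assumes the game itself does not teleport or launch players.

```lua
-- Added example (not from the original post). Place in ServerScriptService.
local Players = game:GetService("Players")

local CHECK_INTERVAL = 1   -- seconds between position samples (assumed value)
local TOLERANCE = 1.5      -- slack for lag and slopes (assumed value)
local STRIKES_TO_KICK = 5  -- consecutive violations before kicking (assumed value)

-- Ignore vertical movement so falling and jumping are not counted as speed.
local function horizontal(v)
	return Vector3.new(v.X, 0, v.Z)
end

local function watch(plr, character)
	local humanoid = character:WaitForChild("Humanoid")
	local root = character:WaitForChild("HumanoidRootPart")
	local lastPos, lastTime, strikes = root.Position, os.clock(), 0

	while character.Parent and humanoid.Health > 0 do
		task.wait(CHECK_INTERVAL)
		local now = os.clock()
		local moved = horizontal(root.Position - lastPos).Magnitude
		-- humanoid.WalkSpeed read here is the server's value, not the client's.
		local allowed = humanoid.WalkSpeed * TOLERANCE * (now - lastTime)

		if moved > allowed then
			strikes += 1
			warn(("%s moved %.1f studs, allowed %.1f (strike %d)"):format(plr.Name, moved, allowed, strikes))
			if strikes >= STRIKES_TO_KICK then
				plr:Kick("\nMovement speed check failed")
				return
			end
			-- Put the character back instead of banning, so a false positive costs little.
			character:PivotTo(CFrame.new(lastPos))
		else
			strikes = 0
			lastPos = root.Position
		end
		lastTime = now
	end
end

Players.PlayerAdded:Connect(function(plr)
	plr.CharacterAdded:Connect(function(character)
		watch(plr, character)
	end)
end)
```

Because the check runs entirely on the server, disabling or deleting a local script has no effect on it.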